Results 1 - 10 of 16
Computing Hilbert class polynomials with the Chinese Remainder Theorem, 2010
Cited by 18 (1 self)
We present a space-efficient algorithm to compute the Hilbert class polynomial H_D(X) modulo a positive integer P, based on an explicit form of the Chinese Remainder Theorem. Under the Generalized Riemann Hypothesis, the algorithm uses O(|D|^(1/2+ε) log P) space and has an expected running time of O(|D|^(1+ε)). We describe practical optimizations that allow us to handle larger discriminants than other methods, with |D| as large as 10^13 and h(D) up to 10^6. We apply these results to construct pairing-friendly elliptic curves of prime order, using the CM method.
MODULAR POLYNOMIALS VIA ISOGENY VOLCANOES, 2010
Cited by 9 (2 self)
We present a new algorithm to compute the classical modular polynomial Φ_l in the rings Z[X, Y] and (Z/mZ)[X, Y], for a prime l and any positive integer m. Our approach uses the graph of l-isogenies to efficiently compute Φ_l mod p for many primes p of a suitable form, and then applies the Chinese Remainder Theorem (CRT). Under the Generalized Riemann Hypothesis (GRH), we achieve an expected running time of O(l^3 (log l)^3 log log l), and compute Φ_l mod m using O(l^2 (log l)^2 + l^2 log m) space. We have used the new algorithm to compute Φ_l with l over 5000, and Φ_l mod m with l over 20000. We also consider several modular functions g for which Φ^g_l is smaller than Φ_l, allowing us to handle l over 60000.
EXPLICIT CM-THEORY FOR LEVEL 2-STRUCTURES ON ABELIAN SURFACES
Cited by 5 (0 self)
For a complex abelian surface A with endomorphism ring isomorphic to the maximal order in a quartic CM-field K, the Igusa invariants j_1(A), j_2(A), j_3(A) generate an unramified abelian extension of the reflex field of K. In this paper we give an explicit geometric description of the Galois action of the class group of this reflex field on j_1(A), j_2(A), j_3(A). Our description can be expressed by maps between various Siegel modular varieties, and we can explicitly compute the action for ideals of small norm. We use the Galois action to modify the CRT method for computing Igusa class polynomials, and our run time analysis shows that this yields a significant improvement. Furthermore, we find cycles in isogeny graphs for abelian surfaces, thereby implying that the ‘isogeny volcano’ algorithm to compute endomorphism rings of ordinary elliptic curves over finite fields does not have a straightforward generalization to computing endomorphism rings of abelian surfaces over finite fields.
CLASS INVARIANTS BY THE CRT METHOD, 1001
Cited by 4 (1 self)
We adapt the CRT approach to computing Hilbert class polynomials to handle a wide range of class invariants. For suitable discriminants D, this improves its performance by a large constant factor, more than 200 in the most favourable circumstances. This has enabled record-breaking constructions of elliptic curves via the CM method, including examples with |D| > 10^15.
Computing endomorphism rings of elliptic curves under the GRH, Journal of Mathematical Cryptology
Cited by 4 (3 self)
We design a probabilistic algorithm for computing endomorphism rings of ordinary elliptic curves defined over finite fields that we prove has a subexponential runtime in the size of the base field, assuming solely the generalized Riemann hypothesis. Additionally, we improve the asymptotic complexity of previously known, heuristic, subexponential methods by describing a faster isogeny-computing routine.
Computing (ℓ,ℓ)-isogenies in polynomial time on Jacobians of genus 2 curves. 2011. IACR ePrint
Cited by 4 (2 self)
In this paper, we compute ℓ-isogenies between abelian varieties over a field of characteristic different from 2 in polynomial time in ℓ, when ℓ is an odd prime which is coprime to the characteristic. We use level n symmetric theta structure where n = 2 or n = 4. In a second part of this paper we explain how to convert between Mumford coordinates of Jacobians of genus 2 hyperelliptic curves to theta coordinates of level 2 or 4. Combined with the preceding algorithm, this gives a method to compute (ℓ, ℓ)-isogenies in polynomial time on Jacobians of genus 2 curves.
A Subexponential Algorithm for Evaluating Large Degree Isogenies, 1002
Cited by 1 (1 self)
An isogeny between elliptic curves is an algebraic morphism which is a group homomorphism. Many applications in cryptography require evaluating large degree isogenies between elliptic curves efficiently. For ordinary curves of the same endomorphism ring, the previous best known algorithm has a worst case running time which is exponential in the length of the input. In this paper we show this problem can be solved in subexponential time under reasonable heuristics. Our approach is based on factoring the ideal corresponding to the kernel of the isogeny, modulo principal ideals, into a product of smaller prime ideals for which the isogenies can be computed directly. Combined with previous work of Bostan et al., our algorithm yields equations for large degree isogenies in quasi-optimal time given only the starting curve and the kernel.
Computing endomorphism rings of abelian varieties, 2012
Cited by 1 (1 self)
Generalizing a method of Sutherland and the author for elliptic curves [5, 1], we design a subexponential algorithm for computing the endomorphism ring structure of ordinary abelian varieties of dimension two over finite fields. Although its correctness and complexity bound rely on several assumptions, we report on practical computations showing that it performs very well and can easily handle previously intractable cases. Note. Certain results of this paper previously appeared in the author’s thesis [2].
EXPLICIT CM-THEORY IN DIMENSION 2
Cited by 1 (0 self)
For a complex abelian surface A with endomorphism ring isomorphic to the maximal order in a quartic CM-field K, the Igusa invariants j_1(A), j_2(A), j_3(A) generate an abelian extension of the reflex field of K. In this paper we give an explicit description of the Galois action of the class group of this reflex field on j_1(A), j_2(A), j_3(A). We give a geometric description which can be expressed by maps between various Siegel modular varieties. We can explicitly compute this action for ideals of small norm, and this allows us to improve the CRT method for computing Igusa class polynomials. Furthermore, we find cycles in isogeny graphs for abelian surfaces, thereby implying that the ‘isogeny volcano’ algorithm to compute endomorphism rings of ordinary elliptic curves over finite fields does not have a straightforward generalization to computing endomorphism rings of abelian surfaces over finite fields.
A LOW-MEMORY ALGORITHM FOR FINDING SHORT PRODUCT REPRESENTATIONS IN FINITE GROUPS
Cited by 1 (0 self)
We describe a space-efficient algorithm for solving a generalization of the subset sum problem in a finite group G, using a Pollard-ρ approach. Given an element z and a sequence of elements S, our algorithm attempts to find a subsequence of S whose product in G is equal to z. For a random sequence S of length d log_2 n, where n = #G and d ⩾ 2 is a constant, we find that its expected running time is O(√n log n) group operations (we give a rigorous proof for d > 4), and it only needs to store O(1) group elements. We consider applications to class groups of imaginary quadratic fields, and to finding isogenies between elliptic curves over a finite field.